OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws

Updated on May 7, 2025

A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild.
The vulnerability, tracked as CVE-2025-27007 (CVSS score: 9.8), is a privilege escalation bug impacting all versions of the plugin prior to and including version 1.0.82.
“This is due to the create_wp_connection() function missing a capability check and…

Read the rest of the story at Read More

Source: The Hacker News

December 19, 2023 Uncategorized

8220 Gang Exploiting Oracle WebLogic Ser...

November 5, 2024 Uncategorized

Malware Campaign Uses Ethereum Smart Con...

December 20, 2023 Uncategorized

OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws

Related posts

8220 Gang Exploiting Oracle WebLogic Ser...

Malware Campaign Uses Ethereum Smart Con...

Alert: Chinese-Speaking Hackers Pose as ...

Leave a Comment Cancel reply

Recent News

Google Pays $1.375 Billion to Texas Over Unauthorized Tracking and Biometric Data Collection

Germany Shuts Down eXch Over $1.9B Laundering, Seizes €34M in Crypto and 8TB of Data

BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. – Dutch Operation

OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities

Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials

Deploying AI Agents? Learn to Secure Them Before Hackers Strike Your Business

Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials

Beyond Vulnerability Management – Can You CVE What I CVE?

Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android

Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell